Michael Young

Recent Posts

While we don’t have a habit of announcing when our products are NOT vulnerable to a specific security issue, sometimes IT teams pounce on the panic button (understandably) when they hear about a new critical vulnerability that hit the media mainstream. … Continue reading →

We recently patched a Cross-Site-Scripting (XSS) vulnerability within Geoportal Server and posted the patch to GitHub. Current 1.2.7 installations should just apply the patch, whereas installations before 1.2.7 will need to upgrade to 1.2.7 and then apply this patch. The … Continue reading →

The first set of security patches for ArcGIS Server and Portal for ArcGIS in 2017 were just released. We recommend our customers apply these patches in a timely manner. To be clear, there are separate security patches for ArcGIS Server and … Continue reading →

The second security patch for ArcGIS Server in 2016 was released in May, and now the second security patch of Portal for ArcGIS in 2016 is being released (hence the name 2016 Update2). We recommend our customers apply this patch in a timely … Continue reading →

NOTE: Even if you don’t know or care about these various acronyms, but you want to ensure the most secure ArcGIS deployment possible, it is worthwhile to check out the briefing for focused, secure architecture and configuration enlightenment based on real-world deployments.

Let us know what you think of this briefing – We have more in the queue and welcome your feedback/suggestions to SecureSoftwareServices@Esri.com.

We are happy to announce that our update of ArcGIS Online transport encryption certificates to a stronger hashing algorithm will be complete December 2nd, 2015. Specifically, we are transitioning from SHA-1 to SHA-256 certificates (also referred to as SHA-2). Why? … Continue reading →

On October 6, 2015 the European Court of Justice declared that Safe Harbor alone is no longer considered adequate privacy assurance by itself for customers requiring EU’s data protection of personal data. Media ran to the presses with the issues this might entail for European customers of US-based data holdings, however the UK Information Commissioner was quick to state “Keep calm, Safe Harbor is not the only route.”

To ensure our customers know what privacy assurance is available now and what we are working on, we have updated our Privacy overview page on our Trust site. We are strong advocates of your privacy and believe these efforts will help to ensure you remain in compliance with EU law.

Though Privacy is not called out as a specific fundamental right in the United States today, as it is by the EU, this is an area of active change as evidenced by the recent passage of the California Electronic Communications Privacy Act (CalECPA). Previously, California privacy law did not cover electronic devices or digitally stored information, so now a warrant is required for the government to access electronic information – a step the EU considers the right direction.

Bottom line, some customers might want to utilize mechanisms in the short-term to help fulfill privacy regulation requirements such as Consent, EU Model Clauses, and even deployment models. Esri plans to support Safe Harbor 2.0 when it is released to ensure we can all work together in the most effective manner and provide assurance to the privacy and security of our customers around the globe.